Storm Worm Still Circulating With More Themes

The so-called Storm Worm shows no sign of retreating. The gang of cyber thieves behind it is now spamming new variants of the Trojan, as it did over the past weekend. Security company F-Secure reported that the gang, which had launched a virus exploiting people's curiosity about the storms that hit Europe, has released more malware.

Mikko Hypponen, Chief Research Officer at Finnish anti-virus vendor F-Secure, told SCMagazine.com on January 23, 2007 that the weekend had been the busiest for Internet security experts in several months, covering nearly a year. There has rarely been such a large wave of Trojan spam.

The Storm Worm, first detected on January 19, 2007, was spammed massively over the weekend and hit Europe and the U.S. East Coast in particular.

Since then, a fresh Trojan with a large number of variants has been distributed through spam mails that make sensational claims exploiting current news, such as missiles shooting down satellites or Saddam Hussein being seen alive. According to Hypponen, the virus authors also used romantic themes as subjects, such as "So in Love" and "A Special Kiss".

Security firm Commtouch Software reported that it tracked the malware and found that, at its peak, the Trojan infected 17% of e-mails worldwide.

However, researchers remarked that the present scale of activity was nowhere near comparable with earlier virus attacks like MyDoom and Bagle.

Hypponen said that attackers were mostly making home PCs their targets. This is less of a worry for corporate networks that filter .exe attachments at the e-mail gateway.

According to SoftScan, security firms were able to cope very well with the extremely fast release of new variants. One company even issued updates in just 20 minutes. SoftScan tracked e-mails and identified 2,600 spam mails carrying the new variant.

The latest variants use rootkits that conceal the virus so deep in the system that reaching and detecting it requires running low-level scans. The viruses are thus difficult to find, Hypponen said.

The malware developers are also using the attacks to build huge armies of botnets to help launch even more spam, phishing and DoS attacks, he said.